Cyber Security Engineer (18 Months FTC)
There’s never been a more exciting time to be part of the nuclear sector. New opportunities are being created all the time. At NNL, you’ll be in the ideal place to capitalise on this momentum, face new challenges and develop a long, successful and meaningful career.
We’re an organisation that’s here to experiment and push the limits of what’s possible. So, if you’re keen to excel in your chosen field, this is the place to do it. Because at NNL, anything is possible.
The NNL are an innovative, world-renowned, scientific research organisation serving the national and international civil nuclear industry. Our ambitious roadmap is to use the latest technology to help our business deliver better outcomes. This role is within the Technology & Digital Change (T&DC) team, who are responsible for all Technology, Digital Change, Cyber Security and Information Assurance within the organisation.
The Cyber Security Engineer is responsible for operational security and assisting with the design, implementation and development security controls and systems. They will ensure that incidents are detected, prioritised, investigated, contained, remediated and that operational security controls are measured and constantly improved.
We support working flexibly, and can be flexible about location between our sites in the North West of England; some travel will be necessary to support business needs.
Main Responsibilities of the Cyber Security Engineer:
- Proven work experience as a System Security Engineer
- Work alongside IT infrastructure and CS&IA (cyber security and information assurance) teams to design, maintain and improve security systems
- Engineer, implement, maintain, and monitor operational security systems
- Monitor, investigate and respond to security incidents
- Work closely with the external SOC to ensure that they understand our business and help coordinate incident responses
- Develop security controls and processes to increase effectiveness, minimize false positives and provide a better experience to the business
- Assess vulnerabilities in context to determine risk and prioritise remediation
- Develop metrics to measure the effectiveness of operational security controls
- Prepare and document standard operating procedures for operational security controls
- Assist with penetration testing
- Assist with the collection, processing, preserving, analysis, and reporting of digital forensic evidence to support internal, criminal, fraud, counterintelligence, or law enforcement investigations
The Ideal Candidate
Essential Criteria for Cyber Security Manager:
- A degree in Computer Science, Software Engineering, Information Systems, Cyber Security, related field or equivalent experience
- Hands-on qualifications in Cyber security, e.g. Certified Ethical Hacker etc.
- Demonstrable hands-on experience of engineering, implementing and maintaining security systems, including at least some of the following:
- Firewalls and firewall management
- Web filtering
- Vulnerability scanning
- Experience of managing cryptographic systems such as TLS certificates, encryption, etc.
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
- Detailed technical knowledge of database and operating system security
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Experience of the full vulnerability management lifecycle including scanning, assessment and remediation
- Ability to achieve SC Clearance
- Communication – able to communicate security risk clearly and succinctly to technical and non-technical staff both verbally and in writing
- Problem solving and analysis – Able to identify and define complex problems, analyze and solve them in a logical, methodical manner and able to maintain this whilst under time pressure whilst dealing with an incident.
Desirable Criteria for Cyber Security Manager:
- Experience of providing evidence for compliance, e.g. Cyber Essential+, ISO27001, PCI DSS etc
- Experience of applying NCSC guidance and principles to develop security controls
- Experience of working with government protective marking scheme
- Experience of writing and/or contributing to technical designs
About the Company
Grounded in robust science and decades of experience, National Nuclear Laboratory (NNL) is the authoritative voice in the UK and beyond for technological development within the nuclear power sector.
Our unparalleled understanding of the science, challenges and opportunities makes us an unrivalled authority and partner in the field, providing experts, technologies, and access to cutting-edge facilities to organisations around the world.
Harnessing potential technologies and translating them into to industry-ready solutions means our pioneering approach spearheads international improvement and technological progress.
We work on projects as small as drilling a hole to analyse underground wastes with our integrated micro drilling technology, or as large as developing state-of-the-art power systems for spacecraft, based on radioactive materials
NNL has a vision for Equality, Diversity and Inclusivity (ED&I) where NNL aims to be an inclusive workplace that attracts diverse talent through transparent and equal policies and procedures. We want you and the diverse mix of people that we employ, customers that we service and stakeholders that we influence to feel valued. We encourage a workplace culture where everyone can thrive with a sense of belonging.
Recruitment Agency Notice
We operate a strict Preferred Supplier List (PSL) for the provision of recruitment services. Only agencies on our PSL may provide CVs and only when the role is released to them by our recruitment team. We will not accept unsolicited CVs from suppliers not currently on our PSL. We explicitly reserve the right to add candidate details from unsolicited CVs from non-PSL agencies into our own candidate database and to pursue/hire such candidate(s) without any obligation, financial or otherwise, to the agency concerned.
National Nuclear Laboratory